Aaron Sachs asachs01

## README.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                asachs01
                / README.md
            
            
              Last active
              January 30, 2024 13:30
            
              
                Scripts used for installing Prometheus on Windows & Linux
              
          
    Aaron's Scripts for Installing the Prometheus Node Exporter, Windows Exporter and Promtail

This is a collection of the scripts that I'm using to install the Prometheus node exporter, Windows exporter and promtail in my hoem lab environments. There are certainly more battle-tested solutions (i.e., the Ansible Prometheus collection is 🤌🤌🤌), but these work well enough to use in small environments. Feel free to use and abuse.
NOTE: Rather than reinventing the wheel on Linux, I'm using https://github.com/carlocorradini/node_exporter_installer to install the node exporter.
NOTE: While yes, Windows does have the ability to create a service natively, I've found that starting the Promtail binary via the natively supported method isn't possible. I'm using WinSW to create a service that will start the Promtail binary.

  
## windows_account_lockouts.json
{
  "__inputs": [
    {
      "name": "DS_LOKI",
      "label": "Loki",
      "description": "",
      "type": "datasource",
      "pluginId": "loki",
      "pluginName": "Loki"
    }

## event4740_loki_logql_expr.txt
{job="windows_security"}
| json
| event_id = `4740`
| line_format "{{.event_data}}"
| regexp "'TargetUserName'>(?P<UserName>[^<]+)<"
| regexp "'TargetDomainName'>(?P<LockoutSource>[^<]+)<"

## install_promtail.ps1
param (
    [string]$hostUrl = $(if ($env:PROMTAIL_HOST_URL) { $env:PROMTAIL_HOST_URL } else { "http://localhost:3100/loki/api/v1/push" }),
    [string]$eventTypesStr = $(if ($env:PROMTAIL_EVENT_TYPES) { $env:PROMTAIL_EVENT_TYPES } else { "Application,Security,System" })
)

# Variables
$latestReleaseUrl = "https://github.com/grafana/loki/releases/latest"
$repoUrl = "https://github.com/grafana/loki"
$winswUrl = "https://github.com/winsw/winsw/releases/download/v2.12.0/WinSW-x64.exe"
$outputDir = "C:\"

## graylog_metrics.json
{
  "__inputs": [
    {
      "name": "DS_PROMETHEUS",
      "label": "Prometheus",
      "description": "",
      "type": "datasource",
      "pluginId": "prometheus",
      "pluginName": "Prometheus"
    }

## graylog_api_routes.json
{
    "models": {},
    "apiVersion": "4.0.0+9376305",
    "swaggerVersion": "1.2",
    "apis": [],
    "basePath": "http://192.168.156.229:9000/api",
    "resourcePath": "/streams/streamid/alerts/alertId/history"
  }
  {
    "models": {

## docker-compose.yml
---
version: "3"
services:
  sensu-backend:
    image: sensu/sensu:latest
    ports:
    - 3000:3000
    - 8080:8080
    - 8081:8081
    volumes:

## sensuctl-aliases
‎‎alias sensuctl-whoami="sensuctl config view --format yaml"

## backend-example.yml
etcd-advertise-client-urls: https://192.168.1.1:2379
etcd-initial-advertise-peer-urls: https://192.168.1.1:2380
etcd-initial-cluster: backend-0=https://backend-0.example.com:2380,backend-1=https://backend-1.example.com:2380,backend-2=https://backend-2.example.com:2380
etcd-initial-cluster-state: new
etcd-listen-client-urls: https://192.168.1.1:2379
etcd-listen-peer-urls: https://0.0.0.0:2380
etcd-name: backend-1
log-level: debug
state-dir: /var/lib/sensu/sensu-backend
cert-file: "/etc/pki/tls/certs/cert.pem"

## sensu-ansible-ssl-example.yml
---
- name: Install, configure and run Sensu backend in debug mode
  hosts: monitoring-sensu
  remote_user: centos
  become: true
  become_method: sudo
  collections: [sensu.sensu_go]
  roles:
     - role: backend
       backend_config:
	{
	"__inputs": [
	{
	"name": "DS_LOKI",
	"label": "Loki",
	"description": "",
	"type": "datasource",
	"pluginId": "loki",
	"pluginName": "Loki"
	}
	{job="windows_security"}
	\| json
	\| event_id = `4740`
	\| line_format "{{.event_data}}"
	\| regexp "'TargetUserName'>(?P<UserName>[^<]+)<"
	\| regexp "'TargetDomainName'>(?P<LockoutSource>[^<]+)<"
	param (
	[string]$hostUrl = $(if ($env:PROMTAIL_HOST_URL) { $env:PROMTAIL_HOST_URL } else { "http://localhost:3100/loki/api/v1/push" }),
	[string]$eventTypesStr = $(if ($env:PROMTAIL_EVENT_TYPES) { $env:PROMTAIL_EVENT_TYPES } else { "Application,Security,System" })
	)

	# Variables
	$latestReleaseUrl = "https://github.com/grafana/loki/releases/latest"
	$repoUrl = "https://github.com/grafana/loki"
	$winswUrl = "https://github.com/winsw/winsw/releases/download/v2.12.0/WinSW-x64.exe"
	$outputDir = "C:\"
	{
	"__inputs": [
	{
	"name": "DS_PROMETHEUS",
	"label": "Prometheus",
	"description": "",
	"type": "datasource",
	"pluginId": "prometheus",
	"pluginName": "Prometheus"
	}
	{
	"models": {},
	"apiVersion": "4.0.0+9376305",
	"swaggerVersion": "1.2",
	"apis": [],
	"basePath": "http://192.168.156.229:9000/api",
	"resourcePath": "/streams/streamid/alerts/alertId/history"
	}
	{
	"models": {
	---
	version: "3"
	services:
	sensu-backend:
	image: sensu/sensu:latest
	ports:
	- 3000:3000
	- 8080:8080
	- 8081:8081
	volumes:
	etcd-advertise-client-urls: https://192.168.1.1:2379
	etcd-initial-advertise-peer-urls: https://192.168.1.1:2380
	etcd-initial-cluster: backend-0=https://backend-0.example.com:2380,backend-1=https://backend-1.example.com:2380,backend-2=https://backend-2.example.com:2380
	etcd-initial-cluster-state: new
	etcd-listen-client-urls: https://192.168.1.1:2379
	etcd-listen-peer-urls: https://0.0.0.0:2380
	etcd-name: backend-1
	log-level: debug
	state-dir: /var/lib/sensu/sensu-backend
	cert-file: "/etc/pki/tls/certs/cert.pem"
	---
	- name: Install, configure and run Sensu backend in debug mode
	hosts: monitoring-sensu
	remote_user: centos
	become: true
	become_method: sudo
	collections: [sensu.sensu_go]
	roles:
	- role: backend
	backend_config: